App firm says it may be source of Apple breach

Washington: A digital publisher said
today it was likely the source of a data breach which resulted in the leak of
personal data from as many as 12 million Apple iPhone and iPad users.

App firm says it may be source of Apple breach

Hackers initially claimed the data containing Apple identification codes
known as UDIDs were stolen from an FBI computer, but the US law enforcement
agency claimed this was incorrect.

BlueToad, a Florida-based firm which creates digital and mobile editions of
publications, said that it was "the victim of a criminal cyber attack,
which resulted in the theft of Apple UDIDs from our systems."

Paul DeHart, the company's chief executive and president, said in a blog
posting that the firm immediately contacted law enforcement after learning of
the attack.

"Although we successfully defend against thousands of cyber attacks
each day, this determined criminal attack ultimately resulted in a breach to a
portion of our systems," he said.

"When we discovered that we were the likely source of the information
in question, we immediately reached out to law enforcement to inform them and
to cooperate with their ongoing criminal investigation of the parties
responsible for the criminal attack and the posting of the stolen
information."

The company apologised for the breach and said it had fixed the
vulnerability. It also said it does not collect sensitive personal information
like credit cards, social security numbers or medical information.

'We understand and respect the privacy concerns surrounding the data that
was stolen from our system,' DeHart said.

'BlueToad believes the risk that the stolen data can be used to harm app
users is very low. But that certainly doesn't lessen our resolve to ensure that
all data is protected and kept from those who seek to illegally obtain it.'

The group called AntiSec, linked to the hacking collective known as
Anonymous, posted one million Apple user identifiers purported to be part of a
larger group of 12 million obtained from an FBI laptop.

The FBI initially had no comment on the reports, but later issued a
statement which said it never had the data in question.

One Web site set up a database to help users determine if their device was
on the hacked list of Apple unique device IDs (UDIDs).